OTC VOTE: Keeping API compatibility with missing public key

Tomas Mraz tmraz at redhat.com
Fri Dec 4 12:45:07 UTC 2020


Vote background
---------------

The vote on relaxing the conceptual model in regard to the required public
component for EVP_PKEY has passed with the following text:

For 3.0 EVP_PKEY keys, the OTC accepts the following resolution:
* relax the conceptual model to allow private keys to exist without
public components;
* all implementations apart from EC require the public component to be
present;
* relax implementation for EC key management to allow private keys that
do not contain public keys and
* our decoders unconditionally generate the public key (where
possible).

However, since then issue 13506 [1] was reported.

During the OTC meeting we concluded that we might also need to relax other
public key algorithm implementations to allow private keys without
a public component.

Vote
----

topic: For 3.0 EVP_PKEY keys all algorithm implementations that were usable
       with 1.1.1 EVP_PKEY API or low level APIs without public component must
       stay usable.

       This overrules the
         * all implementations apart from EC require the public component to be present;
       part of the vote closed on 2020-11-17.

Proposed by Tomas Mraz
Public: yes
opened: 2020-12-04

Tomas Mraz